ports/116222: editors/emacs: files installed with wrong owner
Nate Eldredge
neldredge at ucsd.edu
Sun Sep 9 08:40:02 UTC 2007
>Number: 116222
>Category: ports
>Synopsis: editors/emacs: files installed with wrong owner
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Sep 09 08:40:01 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Nate Eldredge
>Release: 6.2-RELEASE-p5
>Organization:
>Environment:
FreeBSD vulcan.lan 6.2-RELEASE-p5 FreeBSD 6.2-RELEASE-p5 #2: Sun Jun 10 13:55:21 PDT 2007 nate at vulcan.lan:/usr/obj/usr/src/sys/VULCAN amd64
>Description:
When installing the emacs port under "su", some of the files are installed as the user running "su" rather than as root.
$ whoami
nate
$ su
# portupgrade -N emacs
[install editors/emacs]
# ls -l /usr/local/share/emacs/22.1/
total 22
drwxr-xr-x 5 nate wheel 3072 Sep 9 01:19 etc
drwxr-xr-x 4 root wheel 512 Sep 9 01:19 leim
drwxr-xr-x 20 nate wheel 12800 Sep 9 01:19 lisp
drwxr-xr-x 2 root wheel 512 Sep 9 01:19 site-lisp
The contents of etc/ and lisp/ are likewise owned by nate.
You might consider this a security problem, since now "nate" can tweak the lisp files and cause everyones' emacs to do funny things. Of course in this case, "nate" was able to su to root anyway, but you could imagine scenarios where this isn't the case.
>How-To-Repeat:
portupgrade -N emacs
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-ports-bugs
mailing list